AACS Revision Cracked A Week Before Release

stevedcc writes "Ars Technica is running a story about next week's release of AACS, which is intended to fix the currently compromised version. The only problem is, the patched version has already been cracked. From the article: 'AACS LA's attempts to stifle dissemination of AACS keys and prevent hackers from compromising new keys are obviously meeting with extremely limited success. The hacker collective continues to adapt to AACS revisions and is demonstrating a capacity to assimilate new volume keys at a rate which truly reveals the futility of resistance. If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'"

C64 one more time

[Anon-Admin]

Sounds like the old days of the C64 boards. It started with 1day warez, soon there were 0day warez, before it was all done there were boards that only accepted -7day warez. That was warez (Cracked software) that were released no later than 7 days before the program was to hit the market!

Give up now and stop waisting money on something that will never work!

Does anybody else...

[u-bend]

...feel like this will be one of those anthropological head-scratchers to historians in 50-100 years? DRM? What an odd culture they had there....

Ten years from now, kids will be reading

[zappepcs]

about the great Consumer Revolt of 2007 in history classes.

The list of revolt-ish type actions lately is getting quite long. I think the Internet is really starting to make its true value known.

Companies who want to force DRM on the consumers are simply terrified that they have no product and must force consumers to pay for distribution. The sad part is that they are wasting so much time, money, effort, and lobbying to try to stop what they never could before, and have no hope of stopping in the future; the sneaker-net is still alive and apparently doing very well with 500GB USB drives selling for less than 2 seasons of the Sopranos.

Digg, AACS, XM radio, and all that came before it. Oh, also that deal with the King and feet, the actress having sex on the beach... who knows how many more it will take ....

Life imprisonment for attempted piracy, anyone?

[mercuriciodide]

"If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'" DRM won't be called into question. The real question to those with power and their minions is: what's the best punishment for offenders? Is it life imprisonment, the "solution" for such things as hacking the main page of a corporate website or committing "attempted piracy"?

Re:Hex or GTFO

[kebes]

That would actually be interesting. Digg ended the last uproar by saying "okay, we give up, go ahead and post it"... but by then the key had been posted to so many sites (largely in protest) that no one cared anymore. Even the AACS team must have realized that it was futile to now suppress the code. I'm sure they sent out plenty of other legal threats, but basically the code had been widely distributed.

But if someone posted a new Digg story, with the code... what would happen? Let's say Digg was the first (or one of the first) to "break" this story. Would Digg bury the story? Or let it stand? Would they begin another proactive campaign of suppressing the information? Or would they stick to their previous (rather belated) show of solidarity with their users? If they were one of the only sites distributing it, they would be (rightly) afraid of an imminent AACS legal threat.

It will be very interesting to see the reactions of the community and the AACS team as more keys are discovered and distributed. (Heck, it may occur that someone posts a bogus key story to Digg, just to mess with them.)

more like "calls DRM, period, into question."

[swschrad]

you have folks designing a roadblock into the process of decoding media, that doesn't always work, that is not supported on any of the minority OS... and they wonder why other folks keep cracking it?

you think maybe somebody out there in MogulLand would look at the swirling Warez underground, and for once think maybe, "geez, the free market says we are bumbling goons?"

apparently it only happens in Britain, where somebody at Electric Music Industries Ltd. woke up sober and straight one morning...

Re:waste of time

[Loconut1389]

You've seen the videos haven't you?

"YOU WOULDN'T STEAL A CAR
YOU WOULDN'T STEAL A HANDBAG
YOU WOULDN'T STEAL A TELEVISION
YOU WOULDN'T STEAL A DVD"

I was just saying that when you 'steal' a movie by downloading it, you're not taking a copy away from someone- like when you steal a car or a handbag or a television, or anything tangible for that matter.

I also was saying that if you do pirate the movie, when you go to watch it and see the little video, its already too late for it to make a difference and wouldn't anyway.

Re:Does anybody else...

[ch-chuck]

not really - I have Edison cylinder recordings from ~1900 with copyright and warnings about the dire consequences of unauthorized duplication on them. No matter what you guys think, artists, especially those with a big investment in their work, will want to get paid or at least break even. Most likely in the future, the freebie-grubbers will have a large public pool of newbie and hack work to wallow in, while the serious artworks will only be available to a select limited audience who isn't afraid to pony up the price of admission without shouting about how it's their natural born right to infringe on others' creative rights.

Re:waste of time

[geoff lane]

Hey! I like watching a 5 minute diatribe accusing me of being a criminal. I love the way that they don't allow you to skip or FF through the little moral tale. I don't care that I have to wait to see the movie I paid $40 to "own"... every single time from now until doomsday.

It's suggested that this single annoyance drives ordinary people to learn how to rip dvds and in the process eliminate the wonderful story about drug dealing pirates; I couldn't possibly comment.
 

Re:Cost Functions

[Bent Mind]

...movie industry remains convinced that they save more money by developing and implementing DRM than they would lose to piracy.

You're not looking at the problem from the perspective of a corporate accountant. They don't look at developing and implementing DRM and say "look how much we are saving." Rather, they add it into their piracy cost projections and say "look at what piracy is costing us". Then they give those numbers to Congress and ask for stricter laws, harsher punishments, and more protection.

Re:Ten years from now, kids will be reading

[GenSec]

I think the Internet is really starting to make its true value known.

Let's just hope this doesn't backfire with some ugly regulations.

The sad part is that they are wasting so much time, money, effort, and lobbying [snipped]

Sad for you or for them? Their time, their money, their effort, etc. :)

I myself create copyrighted stuff that I like to be paid for. That also means that I pay for other people's creations that I want to watch/listen to/use in some other way. But I can't say I don't enjoy watching stubborn, wisdomproof people being taught a lesson in futility of their efforts :)

Re:waste of time

[Loconut1389]

Sorry - I had assumed the little clips were so well known that I would be being somewhat redundant or space sucking or something if I said them outright- plus it would ruin the joke ;)

I guess the videos are better known in mention than experience. They're on a fair number of DVDs (though a decreasing number it seems?) anymore and often when you go to the theater. I used to be a big theater buff, but when tickets went from $7 to $9 to $10 to $11/ticket within 2 years, I gave up. I invested in a good home theater instead and never regretted it. I like watching in private and being able to pause, get popcorn, beer, whatever ;)

Re:Umm...

[moderatorrater]

Actually, if itunes would just make it so that I could re-download my music if I accidentally delete it, move computers, etc, I'd probably buy all my music from them. If a service promised me that I'd never lose my file after I'd purchased it, I'd be their customer for life.

Re:waste of time

[robbiethefett]

the only cinema i've been to in years is a locally-owned independent theater that was restored to a movie theater. the building itself is chock full of character, and has excellent acoustics, since it was designed before amplified sound. it's got a really great top-notch sound system now, and since the guy who sells you the concessions is the same guy who owns the whole place, you can request different films. my girlfriend and i mentioned to him off-hand that we'd love to see the original, un-raped analog star wars trilogy on the big screen since we were too young to see it in theaters growing up. he thought it was a great idea, so he did it. i think we have him sold on showing ghostbusters and evil dead this halloween. i guess the point of the story is that people are perfectly willing to pay a reasonable amount of money to see a good movie in a good setting..

Re:Extremely Limited Success?

[Jesus_666]

The problem is that Spider-Man 3 is a computer-generated extravaganza. B-Movies don't fit into that category. The fact that most computer-generated extravaganzas have scripts and acting better suited for B- or Z-movies doesn't mean that they aren't hellishly expensive computer-generated extravaganzas.

Seriously, they could make a computer-generated extravaganza about a magical turd hopping around Cleveland and people would pay to see it just because it's a computer-generated extravaganza with an advertising budget bigger than Poland's GNP.


Yes, part of that post was to say "computer-generated extravaganza" as often as possible. But the point still holds.

Re:AACS is done

[Sique]

Normally a good security system should still work if its structure is known to the world. Cf. Bruce Schneier on "security by obscurity".

But in this case we have the strange situation that the attacker knows everything: Not only the algorithm, but all the keys. So all there is left is some kind of obfuscation. I remember an article featured here about 10 years ago, where an israelian team proved mathematically, that a software based approach to DRM can't work. I wonder if we could get them as expert witness to tell the court in a DMCA case that a DRM based enforcement of copyrights can't be called "effective" and thus is not protected by the DMCA :)

DRM isn't about the piracy

[bgackle]

People don't seem to get it... DRM has nothing to do with piracy. That's just a marketing friendly excuse.

The purpose of DRM is to make it less convenient for people to format-shift and time-shift content, thus increasing revenue from attempting to sell content multiple times.

The *IAA aren't idiots. They don't care about piracy, but they do use it as a tool to lobby for increased protection of their content. Any increase in piracy is used as an argument for increased restrictions, which in turn destroy fair use and allow for more restrictive business models.

These sorts of hacks get unprotected content on the file sharing sites, but they don't change the fact that Joe Consumer still faces an added barrier to watching his HD-DVD on his HD-iPod without buying a second copy on HD-iTunes. That barrier is more legal than technical -- there will never be a shrink wrapped software package on the shelves of Best Buy that does this for him.

I hate to say it, but for all but us nerds, these sort of hacks play right into the *PAA's hand. They lose nothing that they hadn't already lost, and they gain political leverage to impliment yet more DMCA-style legislation.